Mobile terminal system

ABSTRACT

A system, apparatus and method for enabling interaction between a mobile device and a dynamic list of remotely hosted applications. A mobile device is provided with a removable module implementing a virtual machine defined by a set of instructions. The mobile device requests an initial application from an application server. The application server generates a message, including a set of commands and any parametric information, such as text to be displayed, which is then compiled into executable code. The executable code is then forwarded to the mobile device for execution. The mobile device interprets the executable code and runs it, possibly causing text or a menu to be displayed. In a first embodiment, the mobile device requests a list of currently available applications and is provided with such a list by a first application server. The user is then able to select from the list of applications, some of which can be located on other servers. In another embodiment, an application server initiates a communication by transmitting a set of commands causing one or more actions on the mobile device, such as the sounding of an audio alarm, the displaying of text, etc.

FIELD OF THE INVENTION

[0001] The present invention relates generally to mobile communication devices, and more particularly relates to the dynamic provision of applications to mobile communication devices via application servers.

BACKGROUND OF THE INVENTION

[0002] In the area of wired conventional computer communications, terminals have been in use for at least 30 years. Terminals served as input-output devices, acting merely as an interface between a user and a remote computer. Typically, a terminal consisted of a screen and keyboard, with little or no processing power and no local storage. The terminal, or client, was connected to a host computer, usually a mainframe, by way of a serial line connection. This hard-wiring ensured the security of the transmissions between the host and the client. Characters entered on the terminal were transmitted to the host to be acted on by software resident thereon, and characters generated on the host by the software were transmitted back to the terminal for display to the user. An advantage of the terminal system was that it allowed multiple users to access the processing power and applications resident on the mainframe without attending at the mainframe location. In addition, because of their simple, rugged design, the terminals were inexpensive and tended to outlast early micro-computers.

[0003] The concept of terminals has been adapted for use with the Internet through the use of “net-boxes”. Essentially, the net-box is a terminal connected to a network by a coaxial or serial line connection so as to allow a user to access and execute software that is resident on remote computers. A net-box, like a terminal, has limited processing power and little or no local storage. It might have a simple operating system or front-end, but more complicated software is located remotely. As with the original terminal, this allows the net-box to be manufactured less expensively and with a simpler, more generic design than a personal computer. The simplicity of design reduces administration costs for such systems as a service provider can modify the functionality provided to the net-boxes simply by replacing the terminal, or application, server or by modifying its configuration to change the applications offered.

[0004] Mobile communication devices such as PDAs and mobile phones are simple computers with limited computational power and resources, such as storage, memory and clock frequency. Mobile communication devices can be equipped with client software to communicate with a remote server through a wireless network. Such devices are usually loaded with a few client applications either by the user, the manufacturer or the network operator. It is a common practice to distribute applications through the Internet. Some additional equipment such as a personal computer and special cables and connectors are needed to transfer the client application to the mobile communications device.

[0005] In case of GSM (global systems for mobile communications), the embedded SIM (subscriber identity module) card acts as the computer while the handset or device performs the function of the input/output device. SIM cards are preloaded with the desired applications and sent to end-users. Applications loaded onto the SIM card prior to sale to the end-user are primarily developed with a SIM toolkit, such as that available from Gemplus, that employs the SIM toolkit markup language (STKML). STKML is not unlike HTML and, as such, there is an inherently large overhead associated with transmitting commands that access remote device control functionality from an application server to a GSM device. End-users can only access applications resident on their SIM and, thus, need to update the applications on their SIM or obtain a new SIM to access new applications.

[0006] Updating such applications using SIM cards is an awkward process. One method is to update the SIM application via an OTA (Over-The-Air) platform. An OTA platform is effectively a computer equipped with the necessary software to remotely access a SIM card in a GSM phone and upload an application or other information onto the card. Even though utilizing an OTA platform for updating applications on a SIM card is theoretically possible, this method is not widely used. Uploading an application onto a remote SIM card over the air is a slow process. The application, typically five kilobytes in size, must be divided in fragments of approximately 140 bytes embedded in short messages. These messages are then sent to the SIM via SMS (short message service). For reliability, the OTA usually requests a delivery receipt from the handset. The risk for failure grows with the size of the application.

[0007] Another method of updating the applications on a SIM card is the connection of the handset or device to a computer by cable and the uploading of applications and data to the SIM card using software. A further method, the provisioning of a new SIM card to the end-user containing the updated applications, is expensive as a new card must be securely mailed. Still further, the end-user must remove the currently-installed SIM card and replace it with the newer one.

[0008] Another method of application delivery for mobile devices is to provide a browser on the device, either as part of the handset or device, or on a SIM module. When the browser application is initiated by the handset, the browser fetches a generic page that includes links to other pages. The browser is not unlike a web browser on a desktop computer in that it is a request/response application; that is, it can only receive a page of information that it requests and cannot be forwarded a page or instructions that it did not request. Furthermore, many mobile devices are not equipped with a browser. Where provisioned, browser applications typically occupy seven kilobytes of the limited 16 to 32 kilobytes of memory that SIMs are typically provisioned with.

[0009] Further, information delivered to a browser on a mobile device is formatted in a markup language similar to HTML that, however, inherently has a large overhead associated with the tags defining formatting or other information, such as the location of a linked page.

[0010] Additionally, as browsers were designed to display simple information, they do not include the ability to execute instructions that would provide an application control over the device, such as the ability to dial a number on the handset.

SUMMARY OF THE INVENTION

[0011] It is therefore an object of the invention to provide a novel system, apparatus and method for enabling interaction between a mobile device and a dynamic list of remotely hosted applications that obviates or mitigates at least one of the disadvantages of the prior art.

[0012] In a first embodiment of the invention, there is provided a mobile terminal system, comprising: at least one mobile device for communication with at least one application server via a communication medium, the mobile devices having a user interface, a wireless communications interface and a removable module; a virtual machine implemented by the removable module, the virtual machine defined by a set of instructions enabling management of the mobile device; the removable module additionally having a wireless communication module enabling the virtual machine to receive a set of commands through the wireless communications interface from the at least one application server, the commands being chosen from the set of instructions; and at least one application hosted by the at least one application server, the at least one application having a first network interface for sending the set of commands and receiving a set of client data.

[0013] Preferably, the removable module and the at least one application server additionally comprise a cryptographic module to provide authentication between the mobile device and the at least one application server.

[0014] Also preferably, the cryptographic module encrypts and decrypts communication between the mobile device and the at least one application server.

[0015] In a preferred aspect of the first embodiment, the system additionally comprises: a first application server hosting a directory application, the directory application being configured to provide an application list response to the mobile device in response to an application list request from the mobile, enabling the mobile device to initiate interaction with one of the at least one application.

[0016] It is contemplated that the first application server has knowledge of at least one other application hosted by at least one other application server, and the application list response includes a set of addresses for the at least other one application hosted on the at least one other application server.

[0017] In another aspect of the first embodiment, the set of instructions consists of one byte op-codes.

[0018] In a further aspect of the first embodiment, the at least one application server is in communication with at least one data server and one of the applications on the at least one application server is operable to request and receive a data object from the at least one information server, reformat the data object for the virtual machine and transmit the reformatted data object to the mobile device. Data objects can include, but are not limited to, web pages or responses to database queries.

[0019] In a second embodiment of the invention, there is provided a mobile terminal device, comprising: a mobile device having a user interface, a removable module and a wireless communications interface for communicating with at least one application server; the removable module implementing a virtual machine enabling management of the mobile device through a set of instructions provisioned by the virtual machine; and a wireless communication module on the removable module enabling the virtual machine to transmit a set of client data through the wireless communications interface to the at least one application server and receive at least one command formed from the set of instructions.

[0020] In a third embodiment of the present invention, there is provided a removable module for use in a mobile device, comprising: non-volatile memory means for storage of at least one application and a set of application data; and the at least one application including a virtual machine defined by a set of instructions, and a communications module enabling the mobile device to receive a message in a first format natively handled by the mobile device and allowing the extraction from the message at least one command at least partially comprised of a subset of the set of instructions, such that when the removable module is deployed in the mobile device, the mobile device is able to receive the at least one command from an application server.

[0021] In another aspect of the embodiment, the removable module additionally comprises a communications module for extracting the at least one command from the message and an optional cryptographic module to provide authentication between the mobile device and the application server and possibly to encrypt communication to and decrypt communication from the application server.

[0022] In a further aspect of the embodiment, the removable module additionally comprises: processing means for executing the virtual machine; and volatile memory means enabling the temporary storage of a set of runtime data by the virtual machine.

[0023] Preferably, the set of instructions are mapped to one-byte op-codes.

[0024] Also preferably, the set of instructions enable the application server to remotely control the mobile device.

[0025] In another aspect of the embodiment, the set of instructions enables the virtual machine to receive the at least one command from the application server, allowing a user to initiate communication with a second application server upon selection thereof by a user of the mobile device.

[0026] In a fourth embodiment of the present invention, there is provided an application server for enabling a mobile device to access an application, comprising: a network interface for sending a set of messages to the mobile device and for receiving a set of communications from the mobile device, the mobile device implementing a virtual machine defined by a set of instructions, and the messages encapsulating at least one command chosen from the set of instructions; at least one application for interaction with the mobile device, the at least one application being operable to generate a set of directions for the mobile device, compile the set of directions into at least one command for execution by the virtual machine and package the at least one command in the set of messages natively handled by the mobile device.

[0027] In an aspect of the embodiment, the virtual machine is implemented by a removable module of the mobile device.

[0028] Preferably, the instructions are mapped to a set of one-byte op-codes and the at least one application compiles the set of directions at least partially into the one-byte op-codes.

[0029] In another aspect of the embodiment, the application server initiates a session by transmitting the at least one command to the mobile device without having received at least one communication from the mobile device.

[0030] Preferably, the set of instructions enables the application server to remotely control the mobile device.

[0031] In a further aspect of the embodiment, a directory application maintains a list of applications accessible to the mobile device, the directory application being operable to receive an application list request from the mobile device and return an application list response comprised of the set of directions required to instruct the virtual machine to display a menu of the list of applications that enables a user of the mobile device to select one of the applications in the list of applications and initiate communications with the application selected.

[0032] It is contemplated that at least one of the applications on the list of applications is hosted by a second application server, and selection of one of the applications by the user of the mobile device causes the mobile device to initiate a session with the second application server.

[0033] In a fifth embodiment of the present invention, there is provided a method of adding an application to an application server accessed by a mobile device; comprising: configuring the application for deployment on the application server; updating an application list indicating a set of available applications on the application server; receiving a request for the application list; and responding to the request with the updated application list, the updated application list being compiled at least partially into a set of commands chosen from a set of instructions provided by a virtual machine implemented by a mobile device; such that a user of the mobile device can select any one of the available applications from the application list and initiate interaction therewith.

[0034] In an aspect of the embodiment, the virtual machine is implemented on a removable module of the mobile device.

[0035] Preferably, the set of instructions is comprised of one-byte op-codes.

[0036] In a further embodiment of the invention, there is provided a system of managing a mobile device from a remote server, comprising: a remote server having a network interface for transmitting at least one command in at least one command communication over a wireless protocol; a mobile device having a user interface, a wireless communication interface and a removable module; a virtual machine implemented on the removable module, the virtual machine having a set of instructions enabling control of the mobile device; and the removable module having a wireless communication module for receiving the at least one command communication from the remote server received through the wireless communication interface, extracting the at least one command from the at least one command communication and forwarding the at least one command to the virtual machine, enabling the remote server to control the mobile device.

[0037] In another embodiment of the invention, there is provided a method of transferring sessional control on a mobile device from a first application hosted on a first application server to a second application hosted by a second application server, comprising: sending at least one command selected from a set of instructions provided by a virtual machine implemented on a removable module of the mobile device from the first application on the first application server through a first network interface thereon to the mobile device, thereby enabling the mobile device to send an initial request to the second application hosted on the second application server.

[0038] In an aspect of the embodiment, the virtual machine is implemented by a removable module of the mobile device.

[0039] In another aspect of the embodiment, the mobile device sends the initial request to the second application upon selection of the second application by a user of the mobile device.

[0040] Preferably, the set of instructions are comprised of one-byte op-codes.

BRIEF DESCRIPTION OF THE DRAWINGS

[0041] Preferred embodiments of the present invention will now be described, by way of example only, with reference to the attached Figures, wherein:

[0042] FIG. 1 is a block diagram of the mobile terminal device system in accordance with an embodiment of the present invention;

[0043] FIG. 2 is a schematic diagram of a mobile device used in the system of FIG. 1; and

[0044] FIG. 3 is a schematic diagram of an application server used in the system of FIG. 1.

DETAILED DESCRIPTION OF THE INVENTION

[0045] Referring now to FIG. 1, the mobile terminal device system in accordance with an embodiment of the invention is indicated generally at 100. A plurality of mobile devices 200 are in communication with a number of base stations 104.

[0046] In an embodiment of the present invention, mobile devices 200 and base stations 104 communicate in accordance with the Global System for Mobile Communications (GSM) standard. Mobile devices 200 represent cellular telephone handsets that are Phase 2+ compliant. Such devices, for purposes of the present invention, are distinguished over prior GSM handsets in that they allow a new set of commands that enable direct access to various features of the handset. These commands are referred to as “proactive commands” and form part of the STK instruction set for Phase 2+ compliant devices.

[0047] In the present invention, mobile devices 200 send and receive communications via Short Message Service (SMS), a protocol introduced in the GSM standards and present since. SMS is a widely-adopted protocol akin to paging, enabling communications to be transmitted in 140-byte packets. It also allows information to be forwarded to the handset without an explicit request therefrom. This functionality is commonly referred to as “push” technology.

[0048] SMS messages received by a base station 104 are forwarded to a SMS Center (SMSC) 108. Upon receipt of an SMS message, SMSC 108 attempts to locate the addressee and forward the message. In a current embodiment of the invention, SMSC 108 forwards the SMS message to an SMS Gateway (SMSGW) 112 in communication with application servers 300 over a large network, such as the Internet 116.

[0049] SMSGW 112 serves three functions: the reformatting of messages (if required), the interfacing with the SMSCs 108 and the routing of these messages. The reformatting functionality required of SMSGW 112 depends on the topological location of SMSGW 112. For example, where SMSGW 112 is located in a wireless carrier's infrastructure, SMSGW 112 can communicate with SMSCs 108 via short message peer-to-peer protocol (SMPP) over the routing protocol implemented by the carrier's backbone, such as Internet protocol (IP) or X.25, and with application servers 300 via transmission control protocol over IP (TCP/IP) through the carrier's Internet point-of-presence. In this case, SMSGW 112 extracts the data from the SMPP datagram and, in some cases, concatenates and packages the data segments for transmission as a TCP/IP packet. SMSGW 112 then forwards the data to the addressee, an application server 300, over the Internet 116.

[0050] Communications from application servers 300 to mobile devices 200 travel the reverse route through the Internet 116, to SMSGW 112, then to SMSC 108 and finally to mobile device 100 via base station 104.

[0051] Referring now to FIG. 2, a mobile device 200 in accordance with the present invention is shown. User interaction with mobile device 200 is directed through a user interface 204. User interface 204 typically consists of a display screen and a keypad (both not explicitly shown). It is noted, however, that user interface 204 can be implemented in a number of ways, including, but not limited to, audio input and output.

[0052] A user can initiate interaction with an application resident on remote application server 300 by depressing a key on the keypad. A signal is sent from user interface 204 to a subscriber identity module (SIM) 208.

[0053] SIM 208 is effectively a system on a chip that includes a microprocessor, read-only memory (ROM), persistent electrically-erasable programmable read-only memory (EEPROM), volatile random access memory (RAM) and a serial input/output interface. SIM 208 is typically loaded with an operating system that implements a file system and executes a number of applications. This software is loaded into the ROM and the EEPROM by either the manufacturer or vendor of SIM 208, or the provider of the wireless service. The SIM relies on the GSM handset for battery power and clock maintenance.

[0054] Mobile device 200 relies on SIM 208 to execute authentication algorithms to identify the user to the wireless service provider's network, use cryptographic keys stored in EEPROM for authentication, store data for various services such as abbreviated number dialing and SMS, and store applications.

[0055] In the present invention, SIM 208 is provisioned with a set of additional applications to enable the enhanced functionality. These applications are typically loaded prior to distribution to an end-user, but can also be uploaded to SIM 208 via an over-the-air (OTA) system.

[0056] Upon receipt of a message from user interface 204, a logic subsystem 212 determines whether or not the message is directed to an application hosted by application server 300. If the message is directed to an application hosted by application server 300, the message is forwarded to wireless communication module 224 optionally by way of cryptographic module 220, otherwise it is sent on to other functionality 232 implemented by SIM 208, such as a voice call or a text SMS.

[0057] In the presently preferred embodiment of the invention, upon request for initiation of a session with an application hosted on remote application server 300, the request is forwarded to a cryptographic module 220. Cryptographic module 220 provides a number of services. Typically, cryptographic module 220 encrypts all communications to remote application server 300. A variety of encryption schemes can be employed, but where sensitive information is being transmitted, it is more common to either fully encrypt all communications via public key encryption or use public key encryption to obtain a symmetric session key. Although encryption is currently available, end-to-end security is not provided. Transmissions are only encrypted between mobile device 200 and base station 104 and then from an encryption-enabled server from within the wireless service provider's infrastructure to the other end, leaving data unencrypted from base station 104 to the encryption-enabled server, typically at the wireless service provider's point-of-presence for the Internet. Further, the algorithms used for encrypting transmissions between mobile devices 200 and base stations 104, such as A5/1, are considered to be weak and, as such, susceptible to attack.

[0058] Further, the ability of SIM 208 to digitally sign a message enables a variety of applications where non-repudiation is essential, such as m-commerce, banking, etc.

[0059] Once the message has been encrypted, it is forwarded to a wireless communication module 224. Wireless communication module 224 prepares the message for transmission by segmenting the message, if necessary, and packaging it as an SMS message that is readily handled by the standard functionality of the handset.

[0060] The SMS message is then forwarded to a radio 236 for transmission through antenna 240 to base station 104.

[0061] Now referring to FIG. 3, application server 300 is shown in accordance with an embodiment of the invention. The message from mobile device 200 is received by an application server front end 304 on a network interface 308. Application server front end 304 can be a separate process running on the same physical device as application server 300 or can be placed on a separate physical device. Network interface 308 assembles the message from the TCP/IP packets received and passes the message to a cryptographic module 312 that decrypts the message encrypted by cryptographic module 220. Cryptographic module 312 can also verify a digital signature if one has been appended to the message to ensure that the message was sent from a specific handset.

[0062] Where cryptographic module 312 does not possess a required certificate for mobile device 200, it can obtain the required certificate from a certificate server 120.

[0063] The message is then forwarded to one of at least one application 316 hosted by application server 300. Application server 300, upon completion of processing of the message by cryptographic module 312, launches the addressed application 316, if not then running, and passes the message to it.

[0064] In a presently preferred embodiment of the invention, the initial message from mobile device 200 to application server 300 is a request for a list of applications hosted thereon. Upon receipt of this request, application server 300 forwards it to a directory application 320 which has or can obtain knowledge of a list of applications 316 hosted by application server 300. Directory application 320 receives this request and generates a list of applications 316 and the address of each application. Application server 300 then generates the necessary code to display an interactive menu on mobile device 200 and, from it, compiles byte code for execution by a virtual machine 216 implemented by SIM 208, embedding the application list and application location information in the executable code.

[0065] In a particular embodiment, the list of applications 316 maintained by application server 300 includes applications hosted by other application servers.

[0066] When a new application 316D is to be made available to mobile device 200, new application 316D is first installed on application server 300. The new application is then added to the list of applications available on application server 300 that is accessed through directory application 320. As a result, any subsequent responses by directory application 320 to requests for a list of applications will enable the user of mobile device 200 to select and access new application 316D.

[0067] Conversely, where an application 316C is to be removed from service, the list of applications available through directory application 320 is first updated to remove the reference to application 316C, then application 316C can be removed from the application server upon which it resides, provided that no sessions are active with application 316C.

[0068] The response is transferred to application server front end 304, where it is signed and encrypted by cryptographic module 312 before transmission over the Internet to SMSGW 112 via network interface 308. As a large degree of control can be obtained over mobile device 200 via the method of the invention, it is common practice to have application server 300 digitally sign messages before transmission to mobile device 200 to reduce the ability of an unauthorized party to take control of the handset.

[0069] Referring again to FIG. 1, the communication is forwarded to SMSGW 112 where it can be segmented and packaged as SMS messages for transmission as SMPP traffic and sent on to the appropriate SMSC 108 for final transmission to mobile device 200 through base station 104. While SMSCs 108 have the ability to store a message for later forwarding if the intended recipient is inactive, such as when a handset has been turned off or is out of range, this feature remains largely unutilized except where the SMSC 108 is directed to retry sending a message to a mobile device for a short period of time in order to maintain a connection between an SMSC 108 and a mobile device 200 with a connection of poor quality.

[0070] Referring again to FIG. 2, mobile device 200 receives the response via antenna 240. The response is then passed to radio 236 and forwarded to a protocol listener 228. Protocol listener 228 determines whether the SMS message is addressed to virtual machine 216 or to another application 228. SMS messages have an eight-byte header, a one-byte portion of which, the protocol identifier, indicates the target of the message, not unlike a port number for TCP/IP packets. In cases where the SMS packet payload is a binary executable download, this byte is set to “7F”. SMS packets can contain a number of other types of payloads, including, but not limited to, a text message to be displayed immediately on the display means of mobile device 200, for which the protocol identifier is set to “0”. In the case where the message is a command stream to generate a menu with a list of applications 316 hosted by one or more application servers 300 and their addresses, the message is forwarded to SIM 208. Upon receipt of the envelope commands, an application launcher thereon refers to a configuration file and selects an appropriate application for launching. Where the message is generated by application server 300, the message is forwarded to wireless communication module 224, where the data is extracted from the received SMS packets and reassembled, where necessary.

[0071] Once the message is extracted and reassembled, it is forwarded to cryptographic module 220 where it is decrypted and the signature is authenticated. By doing so, only commands sent by authorized parties are executed and replay attacks are nullified.
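The receive path of paragraphs [0070] and [0071] can be sketched as follows. This is an added example, not code from the patent: it filters on the protocol identifier, reassembles 140-byte segments, authenticates the result and only then applies a replay check. Assumptions: the 4-byte segment header layout is hypothetical, HMAC-SHA256 with a shared key stands in for the digital signature the text describes, and the message counter is one possible replay defence (the text does not say how replays are detected); decryption is omitted.

```python
import hashlib
import hmac
import struct

SMS_PAYLOAD = 140      # bytes per SMS packet, as stated in the text
PID_BINARY = 0x7F      # protocol identifier for a binary download ("7F" in the text)
PID_TEXT = 0x00        # protocol identifier for immediate display text ("0" in the text)
TAG_LEN = 32           # HMAC-SHA256 output length
# Assumed 4-byte segment header: protocol id, message id, segment index, segment count.
SEG_HDR = struct.Struct("BBBB")
CHUNK = SMS_PAYLOAD - SEG_HDR.size


class Rejected(Exception):
    """The message must not be handed to the virtual machine."""


def seal(key, counter, commands):
    """Server side: bind a message counter to the commands and authenticate both."""
    body = struct.pack(">I", counter) + commands
    return body + hmac.new(key, body, hashlib.sha256).digest()


def segment(pid, msg_id, sealed):
    """Split a sealed message into SMS-sized packets."""
    chunks = [sealed[i:i + CHUNK] for i in range(0, len(sealed), CHUNK)]
    if len(chunks) > 255:
        raise ValueError("message needs more than 255 segments")
    return [SEG_HDR.pack(pid, msg_id, i, len(chunks)) + c for i, c in enumerate(chunks)]


class Receiver:
    """Handset side: protocol listener, reassembly, then authentication."""

    def __init__(self, key):
        self.key = key
        self.last_counter = 0     # highest counter accepted so far
        self.partial = {}         # msg_id -> (segment count, {index: chunk})

    def on_sms(self, packet):
        """Return verified command bytes once a message completes, else None."""
        if not SEG_HDR.size < len(packet) <= SMS_PAYLOAD:
            raise Rejected("bad packet length")
        pid, msg_id, idx, count = SEG_HDR.unpack_from(packet)
        if pid != PID_BINARY:
            raise Rejected("not addressed to the virtual machine")
        if idx >= count:
            raise Rejected("bad segment index")
        expected, parts = self.partial.setdefault(msg_id, (count, {}))
        if count != expected:
            del self.partial[msg_id]
            raise Rejected("inconsistent segment count")
        parts[idx] = packet[SEG_HDR.size:]
        if len(parts) < count:
            return None
        del self.partial[msg_id]
        return self._verify(b"".join(parts[i] for i in range(count)))

    def _verify(self, sealed):
        if len(sealed) < 4 + TAG_LEN:
            raise Rejected("truncated message")
        body, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise Rejected("bad signature")
        (counter,) = struct.unpack(">I", body[:4])
        if counter <= self.last_counter:      # checked only after authentication
            raise Rejected("replayed message")
        self.last_counter = counter
        return body[4:]


def deliver(rx, packets):
    """Feed packets to a receiver; return the commands or the rejection reason."""
    try:
        out = None
        for p in packets:
            out = rx.on_sms(p)
        return out
    except Rejected as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    key = b"constructed-demo-key"                       # constructed sample key
    commands = bytes(range(256)) + b"constructed command stream"
    packets = segment(PID_BINARY, 1, seal(key, 1, commands))
    rx = Receiver(key)
    print(len(packets), "packets")
    print(deliver(rx, list(reversed(packets))) == commands)   # out-of-order delivery
    print(deliver(rx, packets))                               # same message again
```

The counter is read only after the tag verifies, so a forged packet cannot advance the replay window and lock out the genuine server.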

[0072] Where mobile device 200 contacts an application server 300 with which it is not familiar (that is, for which it has no digital certificate) to perform a “handshake”, mobile device 200 will receive a signed transmission that it is unable to verify, but that bears a unique certificate ID for the digital certificate of application server 300. Mobile device 200 can send a “fetch” command to certificate server 120. In preparing the “fetch” command, SIM 208 specifies the unique certificate ID of the certificate to be fetched from certificate server 120. Certificate server 120 responds to mobile device 200 with the certificate of the recently contacted application server 300, thus allowing mobile device 200 to verify the signature of the new application server 300. The new digital certificate is typically cached for later use.

[0073] The “fetch” request from mobile device 200 can also containinformation about the certificates of certificate authorities andcertificate servers 120 that SIM 208 is aware of. In this case,certificate server 120 can determine the validity of the certificate andprovide current certificates for certificate server 120 and certificateauthority, where the certificates known to SIM 208 are found to berevoked, expired or invalid for any other reason.

[0074] Alternatively, where mobile device 200 possesses a certificatefor the new application server 300, it can forward information about thecertificate to certificate server 120 or other authority to ensure ithas not expired, been revoked, etc. Certificate server 120 can theneither provide confirmation of the validity of the certificate orforward mobile device 200 a new digital certificate, where appropriate.In a further alternative, mobile device 200 can discard a digitalcertificate upon the termination of a connection with application server300 and fetch a new copy upon reconnection thereto. Digital certificatescan also be forwarded to mobile device 200 via OTA platform, whererequired.

[0075] Once verified, the commands are forwarded to virtual machine 216for execution. Virtual machine 216 is an application environment definedby a set of instructions similar to a physical processor. In a presentlypreferred embodiment, there are approximately 50 such instructions,including “add”, “subtract”, “Xor”, “push” and “pop”. Other instructionscontrol the display of information through and the handling of input ormessages from user interface 204. Further, a subset of theseinstructions known as “proactive commands” provides control over thehandset. By accessing this subset, an application can cause device 200to perform a variety of functions, including the initiation of a voicecall, the configuration of a menu, the display of text, the sounding ofan alarm or the transmission of an SMS message.

[0076] A powerful feature of the instruction set defined for virtual machine 216 implemented on SIM 208 is that the approximately 50 available instructions are all mapped out to one byte op-codes. This allows a number of commands to be sent to mobile device 200 via shorter transmissions than otherwise possible, thus reducing use of limited wireless bandwidth and improving response times.
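The following added example (not code from the patent) sketches how an interpreter for a one-byte op-code stack machine of the kind described in [0075] and [0076] can validate a verified command stream as it runs it. The op-code values, the one-byte operand and length-prefixed payload encodings, the stack limit and the allow-list for proactive commands are all assumptions; the document names the instructions but gives none of these details.

```python
# Hypothetical op-code assignments: the document names the instructions
# ("add", "subtract", "Xor", "push", "pop") but gives no numeric values.
OP_PUSH, OP_POP, OP_ADD, OP_SUB, OP_XOR = 0x01, 0x02, 0x03, 0x04, 0x05
# Two stand-ins for the "proactive commands" subset (values assumed).
OP_DISPLAY_TEXT, OP_SEND_SMS = 0x40, 0x41
PROACTIVE = {OP_DISPLAY_TEXT: "display_text", OP_SEND_SMS: "send_sms"}
MAX_STACK = 32  # assumed limit for a memory-constrained module


class VMError(Exception):
    """Raised when a command stream is malformed or not permitted."""


def run(code: bytes, allowed_proactive=frozenset()):
    """Interpret a command stream; return (stack, requested_actions).

    Proactive commands are collected rather than performed, and only those
    listed in allowed_proactive (an assumed policy hook) are accepted.
    """
    stack, actions, pc = [], [], 0

    def pop():
        if not stack:
            raise VMError("stack underflow")
        return stack.pop()

    while pc < len(code):
        op = code[pc]
        pc += 1
        if op == OP_PUSH:
            # PUSH carries a one-byte immediate operand (assumed encoding).
            if pc >= len(code):
                raise VMError("truncated push operand")
            if len(stack) >= MAX_STACK:
                raise VMError("stack overflow")
            stack.append(code[pc])
            pc += 1
        elif op == OP_POP:
            pop()
        elif op in (OP_ADD, OP_SUB, OP_XOR):
            b, a = pop(), pop()  # b is the top of the stack
            if op == OP_ADD:
                result = a + b
            elif op == OP_SUB:
                result = a - b
            else:
                result = a ^ b
            stack.append(result & 0xFF)  # keep values within one byte
        elif op in PROACTIVE:
            if op not in allowed_proactive:
                raise VMError("proactive command not permitted")
            # Payload is length-prefixed (assumed encoding).
            if pc >= len(code):
                raise VMError("missing payload length")
            n = code[pc]
            pc += 1
            if pc + n > len(code):
                raise VMError("truncated payload")
            actions.append((PROACTIVE[op], code[pc:pc + n]))
            pc += n
        else:
            raise VMError(f"unknown opcode 0x{op:02x}")
    return stack, actions
```

Rejecting unknown op-codes, truncated operands and stack underflow before any handset action is taken keeps a corrupted or mis-assembled stream from reaching the proactive commands.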

[0077] In the case where the commands are received in response to an initial request for a list of applications 316 hosted by application server 300, the commands can direct user interface 204 to display the list of applications 316 and allow a user to select one of the applications 316. Upon selection of an application 316 from the list of applications 316, the mobile device sends an initial message to the selected application 316. Where the selected application resides on a separate server, mobile device 200 initiates a communication with the separate server.

[0078] One advantage of such a system is that the applications 316 available to mobile device 200 can be dynamically configured without the need to update the applications resident on the handset itself.

[0079] It is noted that static portions of the applications delivered to mobile device 200 can be cached thereon for later use, thus reducing retransmission of previously received information.

[0080] In another aspect of the invention, application 316A can initiate communication with mobile device 200. For example, application 316A may query a database 324 routinely to determine if an event is scheduled for mobile device 200. If database 324 indicates that an event is scheduled for mobile device 200, application 316A can send an initial message to mobile device 200, comprising a set of commands contained in one or more SMS packets, directing the handset to display text, send an SMS message, place a voice call, emit a sound, etc. Application 316A can be triggered to contact mobile device 200 upon the realization of a threshold price by a stock, both selected by an end-user. In such an example, application 316A can request confirmation of receipt of the message by the mobile device user by means of the user keying in the appropriate response on mobile device 200, causing cryptographic module 220 to sign a request acknowledgement for forwarding back to application server 300. Another example of such an application is localized advertising delivered to mobile device 200 based on the location of mobile device 200.

[0081] While the embodiments discussed herein are directed to specific implementations of the invention, it will be understood that combinations, sub-sets and variations of the embodiments are within the scope of the invention. For example, application servers 300 can be deployed within the wireless service provider's infrastructure.

[0082] Virtual machine 216 can be implemented in hardware for example on an Application Specific Integrated Circuit (ASIC) and built into mobile device 200 or onto removable module 208.

[0083] Universal SIMs, or USIMs, scheduled for implementation in other TDMA and CDMA-enabled mobile devices can be provided the same functionality as described for a SIM.

[0084] Handheld computing devices can be fitted with suitable modules to enable like functionality thereon and access to applications 324 on application servers 300. As handheld computing devices do not typically rely on expansion modules or cards for processing power, it is contemplated that the card must only contain the information required for handheld computing devices to implement virtual machine 216 using processing and memory means already present on the device. The software to implement virtual machine 216, plus any additional modules and certificates, may be placed in non-volatile memory on a card that also provides wireless communication functionality.

[0085] Further variations can include a first application server 300 accessing an application on another server on the Internet and reformatting the output for mobile device 200. For example, first application server 300 can retrieve a web page from a web server and format it for presentation on mobile device 200. First application server 300 then compiles the reformatted information for interpretation by virtual machine 216. This enables mobile device 200 to access information for which it does not have a client application installed. Another example is a method of accessing data on a database server, whereby first application server 300 queries a database server and reformats and compiles the data object received from the database server in response to the query, perhaps a set of records.

[0086] In a still further variation, mobile device 200 can be configured to connect to an application server 300 situated proximal to mobile device 200, such as one located within the wireless carrier's infrastructure possessing knowledge of the applications available on other application servers. Such an application server can be configured to perform as a proxy for the other application servers and, further, cache the static portions of the applications.

[0087] Additionally, a first application server 300 can invisibly redirect mobile device 200 for load balancing, localization, etc.

[0088] While particular embodiments of the invention have been disclosed specifically relating to the field of mobile devices and wireless communications, it will be understood by those of skill in the art that the invention is useful wherever a device has limited processing, storage and communication means, such as, for example, a personal digital assistant communicating over an infrared link or connected to a network via a relatively slow serial connection.

[0089] The present invention provides a novel system, method and apparatus for dynamically altering the applications accessible to a mobile device. Other advantages to the present invention will be apparent to those of skill in the art.

[0090] The above-described embodiments of the invention are intended to be examples of the present invention and alterations and modifications may be effected thereto, by those of skill in the art, without departing from the scope of the invention which is defined solely by the claims appended hereto.

We claim:
 1. A mobile terminal system, comprising: at least one mobile device for communication with at least one application server via a communication medium, said mobile devices having a user interface, a wireless communications interface and a removable module; a virtual machine implemented by said removable module, said virtual machine defined by a set of instructions enabling management of said mobile device; said removable module additionally having a wireless communication module enabling said virtual machine to receive a set of commands through said wireless communications interface from said at least one application server, said commands being chosen from said set of instructions; and at least one application hosted by said at least one application server, said at least one application having a first network interface for sending said set of commands and receiving a set of client data.
 2. The mobile terminal system of claim 1, wherein said removable module and said at least one application server additionally comprise a cryptographic module to provide authentication between said mobile device and said at least one application server.
 3. The mobile terminal system of claim 2, wherein said cryptographic module encrypts and decrypts communication between said mobile device and said at least one application server.
 4. The mobile terminal system of claim 2, additionally comprising: at least one certificate server able to receive a request for a digital certificate of one of said at least one application server and respond with said digital certificate, such that mobile device is able to obtain said digital certificate.
 5. The mobile terminal system of claim 4, wherein said at least one certificate server is able to receive a request for validation of a cached digital certificate stored on said mobile device and provide an updated digital certificate or a notification that said cached digital certificate could not be validated.
 6. The mobile terminal system of claim 5, wherein said digital certificate for said at least one other application server is transmitted by an OTA server to said mobile device.
 7. The mobile terminal system of claim 1, additionally comprising: a gateway with a second network interface for sending and receiving a set of communications to and from said mobile device, a third network interface for sending and receiving said set of communications to and from said at least one application server and processing means to reformat said set of communications between a first protocol handled by said wireless communication interface of said mobile device and a second protocol handled by said first network interface of said application server.
 8. The mobile terminal system of claim 4, wherein said first protocol is SMPP.
 9. The mobile terminal system of claim 4, wherein said second protocol is TCP/IP.
 10. The mobile terminal system of claim 1, additionally comprising: a first application server hosting a directory application, said directory application being configured to provide an application list response to said mobile device in response to an application list request from said mobile, enabling said mobile device to initiate interaction with one of said at least one application.
 11. The mobile terminal system of claim 10, wherein said first application server has knowledge of at least one other application hosted by at least one other application server, and said application list response includes a set of addresses for said at least other one application hosted on said at least one other application server.
 12. The mobile terminal system of claim 1, wherein said mobile device is a GSM Phase II+-compatible device and said removable module is a subscriber identity module.
 13. The mobile terminal system of claim 1, wherein said removable module is a universal subscriber identity module.
 14. The mobile terminal system of claim 1, wherein said set of instructions consists of one byte op-codes.
 15. The mobile terminal system of claim 1, wherein said virtual machine is implemented in an application specific integrated circuit on said module.
 16. The mobile terminal system of claim 1, wherein said at least one application server is in communication with at least one data server and one of said applications on said at least one application server is operable to request and receive a data object from said at least one information server, reformat said data object for said virtual machine and transmit said reformatted data object to said mobile device.
 17. The mobile terminal system of claim 15, wherein said data object is a web page.
 18. The mobile terminal system of claim 15, wherein said data server is a database server.
 19. A mobile terminal device, comprising: a mobile device having a user interface, a removable module and a wireless communications interface for communicating with at least one application server; said removable module implementing a virtual machine enabling management of said mobile device through a set of instructions provisioned by said virtual machine; and a wireless communication module on said removable module enabling said virtual machine to transmit a set of client data through said wireless communications interface to said at least one application server and receive at least one command formed from said set of instructions.
 20. A removable module for use in a mobile device, comprising: non-volatile memory means for storage of at least one application and a set of application data; and said at least one application including a virtual machine defined by a set of instructions, and a communications module enabling said mobile device to receive a message in a first format natively handled by said mobile device and allowing the extraction from said message at least one command at least partially comprised of a subset of said set of instructions, such that when said removable module is deployed in said mobile device, said mobile device is able to receive said at least one command from an application server.
 21. The removable module of claim 20, additionally comprising: a communications module for extracting said at least one command from said message.
 22. The removable module of claim 21, additionally comprising a cryptographic module to provide authentication between said mobile device and said application server.
 23. The mobile terminal system of claim 22, wherein said cryptographic module encrypts communication to and decrypts communication from said application server.
 24. The removable module of claim 21, additionally comprising: processing means for executing said virtual machine; and volatile memory means enabling the temporary storage of a set of runtime data by said virtual machine.
 25. The removable module of claim 24, wherein said mobile device is a GSM Phase II+-compatible device and said removable module is a subscriber identity module.
 26. The removable module of claim 20, wherein said set of instructions are mapped to one-byte op-codes.
 27. The removable module of claim 20, wherein said set of instructions enable said application server to remotely control said mobile device.
 28. The removable module of claim 20, wherein said set of instructions enables said virtual machine to receive said at least one command from said application server, allowing a user to initiate communication with a second application server upon selection thereof by a user of said mobile device.
 29. The removable module of claim 20, wherein said removable module is a universal subscriber identity module.
 30. The removable module of claim 20, wherein said virtual machine is implemented in an application specific integrated circuit on said removable module.
 31. An application server for enabling a mobile device to access an application, comprising: a network interface for sending a set of messages to said mobile device and for receiving a set of communications from said mobile device, said mobile device implementing a virtual machine defined by a set of instructions, and said messages encapsulating at least one command chosen from said set of instructions; and at least one application for interaction with said mobile device, said at least one application being operable to generate a set of directions for said mobile device, compile said set of directions into at least one command for execution by said virtual machine and package said at least one command in said set of messages natively handled by said mobile device.
 32. The application server of claim 30, wherein said virtual machine is implemented by a removable module of said mobile device.
 33. The application server of claim 30, wherein said instructions are mapped to a set of one-byte op-codes and wherein said at least one application compiles said set of directions at least partially into said one-byte op-codes.
 34. The application server of claim 30, wherein said application server initiates a session by transmitting said at least one command to said mobile device without having received at least one communication from said mobile device.
 35. The application server of claim 30, wherein said set of instructions enables said application server to remotely control said mobile device.
 36. The application server of claim 30, wherein said at least one application includes a directory application maintaining a list of applications accessible to said mobile device, said directory application being operable to receive an application list request from said mobile device and return an application list response comprised of said set of directions required to instruct said virtual machine to display a menu of said list of applications that enables a user of said mobile device to select one of said applications in said list of applications and initiate communications with said application selected.
 37. The application server of claim 36, wherein at least one of said applications on said list of applications is hosted by a second application server, and selection of one of said applications by said user of said mobile device causes said mobile device to initiate a session with said second application server.
 38. A method of adding an application to an application server accessed by a mobile device; comprising: configuring said application for deployment on said application server; updating an application list indicating a set of available applications on said application server; receiving a request for said application list; and responding to said request with said updated application list, said updated application list being compiled at least partially into a set of commands chosen from a set of instructions provided by a virtual machine implemented by a mobile device, such that a user of said mobile device can select any one of said available applications from said application list and initiate interaction therewith.
 39. The method of adding an application to an application server of claim 38, wherein said virtual machine is implemented on a removable module of said mobile device.
 40. The method of adding an application to an application server of claim 38, wherein said set of instructions is comprised of one-byte op-codes.
 41. A system of managing a mobile device from a remote server, comprising: a remote server having a network interface for transmitting at least one command in at least one command communication over a wireless protocol; a mobile device having a user interface, a wireless communication interface and a removable module; a virtual machine implemented on said removable module, said virtual machine having a set of instructions enabling control of said mobile device; and said removable module having a wireless communication module for receiving said at least one command communication from said remote server received through said wireless communication interface, extracting said at least one command from said at least one command communication and forwarding said at least one command to said virtual machine, enabling said remote server to control said mobile device.
 42. A method of transferring sessional control on a mobile device from a first application hosted on a first application server to a second application hosted by a second application server, comprising: sending at least one command selected from a set of instructions provided by a virtual machine implemented on a removable module of said mobile device from said first application on said first application server through a first network interface thereon to said mobile device, thereby enabling said mobile device to send an initial request to said second application hosted on said second application server.
 43. The method of transferring sessional control of claim 42, wherein said virtual machine is implemented by a removable module of said mobile device.
 44. The method of transferring sessional control of claim 43, wherein said removable module is a subscriber identity module.
 45. The method of transferring sessional control of claim 42, wherein said mobile device sends said initial request to said second application upon selection of said second application by a user of said mobile device.
 46. The method of transferring sessional control of claim 42, wherein said set of instructions are comprised of one-byte op-codes.